Security & Privacy Policies

Security Policy

Parent’s Commitment to Security

Parent™ is a tool for childcare and early learning programs, as well as parents, to record and share children’s activities. As a result, we take the safety, security and privacy of all information very seriously. We are committed to having the latest security systems in place to protect this information, as well as policies that respect the privacy of all of our users.

Website security

All information on Parent™ is stored behind an encrypted password, both for our childcare and early learning programs, as well as parents. Only those with authorization are able to access Parent™. The website also has a Secure Sockets Layer (SSL) certificate. SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the Parent™ server and your browser remains private. SSL is an industry standard for securing online transactions so it is  used by online banking, payments sites, government facilities, hospitals and similarly, is used by Parent™ to encrypt data transfers containing children’s information.

Server security

All data in Parent™ is stored on Amazon Web Services (AWS) cloud infrastructure. It is one of the most secure cloud computing environments available with highly secure data centers utilizing state-of the art electronic surveillance and access control systems, including 24/7 trained security guard protection. It is suited to run sensitive government applications and is used by government agencies all over the world, you can read more about AWS’s security here

Database security

Parent™’s database complies with the most stringent security requirements. As part of our first-rate services, all data is stored encryption-at-rest. Data at rest refers to inactive data stored physically in any digital form, for example, information on your laptop is considered data at rest. Encrypting data at rest means that in the exceedingly unlikely event of a physical breach of underlying infrastructure, your data would remain safe and secure.

Access to information

Access to a child’s information through Parent™ is provided only to the child’s primary guardians by their childcare or early learning setting. Once primary guardians have access to Parent™ it is at their sole discretion to share their child’s information with other family and relatives if they choose to do so. This access can also be revoked at any time at the discretion of the primary guardians.

Privacy Policy

Owner and Data Controller

Parent ApS
Ballerupvej 62
3500 Værløse
Denmark

Types of Data collected

Among the types of Personal Data that parent.eu collects, by itself or through third parties, there are: first name, last name, email address, Cookies, Usage Data, username, website, Calendar permission, Camera permission, Precise location permission (non-continuous), Microphone permission, Storage permission, Reminders permission and geographic position.

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection.
The Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using parent.eu.
All Data requested by parent.eu is mandatory and failure to provide this Data may make it impossible for parent.eu to provide its services. In cases where parent.eu specifically states that some Data is not mandatory, Users are free not to communicate this Data without any consequences on the availability or the functioning of the service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Any use of Cookies – or of other tracking tools – by parent.eu or by the owners of third-party services used by parent.eu serves the purpose of providing the service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published or shared through parent.eu and confirm that they have the third party’s consent to provide the Data to the Owner.

Mode and place of processing the Data

Methods of processing

The Data Controller processes the Data of Users in a proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the site (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Data Controller at any time.

Place

The Data is processed at the Data Controller’s operating offices and in any other places where the parties involved with the processing are located. For further information, please contact the Data Controller.

Retention time

The Data is kept for the time necessary to provide the service requested by the User, or stated by the purposes outlined in this document, and the User can always request that the Data Controller suspend or remove the data.

The use of the collected Data

The Data concerning the User is collected to allow the Owner to provide its services, as well as for the following purposes: Content commenting, Device permissions for Personal Data access, Backup saving and management, Hosting and backend infrastructure, Location-based interactions, Registration and authentication and User database management.

The Personal Data used for each purpose is outlined in the specific sections of this document.

Device permissions for Personal Data access

Depending on the User’s specific device, parent.eu may request certain permissions that allow it to access the User’s device Data as described below.

By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document.
The exact procedure for controlling app permissions may be dependent on the User’s device and software.

Please note that the revoking of such permissions might impact the proper functioning of parent.eu.

If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by parent.eu.

Calendar permission

Used for accessing the calendar on the User’s device, including the reading, adding and removing of entries.

Camera permission

Used for accessing the camera or capturing images and video from the device.

Microphone permission

Used for accessing and recording microphone audio from the User’s device.

Precise location permission (non-continuous)

Used for accessing the User’s precise device location. Parent.eu may collect, use, and share User location Data in order to provide location-based services.
The geographic location of the User is determined in a manner that isn’t continuous. This means that it is impossible for parent.eu to derive the exact position of the User on a continuous basis.

Reminders permission

Used for accessing the Reminders app on the User’s device, including the reading, adding and removing of entries.

Storage permission

Used for accessing shared external storage, including the reading and adding of any items.

Detailed information on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Backup saving and management

This type of service allows the Owner to save and manage backups of parent.eu on external servers managed by the service provider itself. The backups may include the source code and content as well as the data that the User provides to parent.eu.

Amazon Glacier (Amazon)

Amazon Glacier is a service to save and manage backups provided by Amazon Web Services Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.

Content commenting

Content commenting services allow Users to make and publish their comments on the contents of parent.eu.
Depending on the settings chosen by the Owner, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.
If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.

Comment system managed directly (parent.eu)

Parent.eu has its own internal content comment system.
Personal Data collected: Cookies, email address, first name, last name, Usage Data, username and website.

Device permissions for Personal Data access

Parent.eu requests certain permissions from Users that allow it to access the User’s device Data as described below.

Device permissions for Personal Data access (parent.eu)

Parent.eu requests certain permissions from Users that allow it to access the User’s device Data as summarized here and described within this document.
Personal Data collected: Calendar permission, Camera permission, Microphone permission, Precise location permission (non-continuous), Reminders permission and Storage permission.

Hosting and backend infrastructure

This type of service allows the Owner to save and manage backups of parent.eu on external servers managed by the service provider itself. The backups may include the source code and content as well as the data that the User provides to parent.eu.

Amazon Web Services (AWS) (Amazon)

Amazon Web Services is a hosting and backend service provided by Amazon.com Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.

User database management

This type of service allows the Owner to build user profiles by starting from an email address, a personal name, or other information that the User provides to parent.eu, as well as to track User activities through analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networks’ profiles) and used to build private profiles that the Owner can display and use for improving parent.eu.

Some of these services may also enable the sending of timed messages to the User, such as emails based on specific actions performed on parent.eu.

Intercom (Intercom Inc.)

Intercom is a User database management service provided by Intercom Inc. Intercom can also be used as a medium for communications, either through email, or through messages within parent.eu.
Personal Data collected: Cookies, email address, Usage Data and various types of Data as specified in the privacy policy of the service.

Location-based interactions

Device permissions for Personal Data access (parent.eu)

Parent.eu may collect, use, and share User location Data in order to provide location-based services.

Most browsers and devices provide tools to opt out from this feature by default. If explicit authorization has been provided, the User’s location data may be tracked by parent.eu.

The geographic location of the User is determined in a manner that isn’t continuous, either at the specific request of the User or when the User doesn’t point out its current location in the appropriate field and allows the application to detect the position automatically.

Personal Data collected: geographic position.

Registration and authentication

By registering or authenticating, Users allow parent.eu to identify them and give them access to dedicated services.

Depending on what is described below, third parties may provide registration and authentication services. In this case, parent.eu will be able to access some Data, stored by these third-party services, for registration or identification purposes.

Google OAuth (Google Inc.)

Google OAuth is a registration and authentication service provided by Google Inc. and is connected to the Google network.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Facebook Authentication (Facebook, Inc.)

Facebook Authentication is a registration and authentication service provided by Facebook, Inc. and is connected to the Facebook social network.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Further information about Personal Data

Personal Data is collected for the following purposes and using the following services:

Push notifications

This type of service allows the Owner to save and manage backups of parent.eu on external servers managed by the service provider itself. The backups may include the source code and content as well as the data that the User provides to parent.eu.

Amazon Glacier (Amazon)

Amazon Glacier is a service to save and manage backups provided by Amazon Web Services Inc.

Personal Data collected: various types of Data as specified in the privacy policy of the service.

Unique device identification

Content commenting services allow Users to make and publish their comments on the contents of parent.eu.
Depending on the settings chosen by the Owner, Users may also leave anonymous comments. If there is an email address among the Personal Data provided by the User, it may be used to send notifications of comments on the same content. Users are responsible for the content of their own comments.

If a content commenting service provided by third parties is installed, it may still collect web traffic data for the pages where the comment service is installed, even when Users do not use the content commenting service.

Comment system managed directly (parent.eu)

Parent.eu has its own internal content comment system.

Personal Data collected: Cookies, email address, first name, last name, Usage Data, username and website.

Additional information about Data collection and processing

Legal action

The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of parent.eu or the related services.
The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.

Additional information about User’s Personal Data

In addition to the information contained in this privacy policy, parent.eu may provide the User with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.

System logs and maintenance

For operation and maintenance purposes, parent.eu and any third-party services may collect files that record interaction with parent.eu (System logs) or use for this purpose other Personal Data (such as IP Address).

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.

The rights of Users

Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.
Parent.eu does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Changes to this privacy policy

The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using parent.eu and can request that the Data Controller remove the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.

Information about this privacy policy

The Data Controller is responsible for this privacy policy, prepared starting from the modules provided by iubenda and hosted on iubenda’s servers.